Ghidra - NSA's Reverse Engineering Tool Released [Download Now]

A couple of months ago, the NSA announced that it was going to publish a software reverse engineering tool developed by the National Security Agency (NSA) itself.

Today, at the RSA security conference, the NSA released a free software reverse engineering tool named 'Ghidra'. The tool is mainly for software engineers but can also be used for malware analysis.

Ghidra is now available for download from its website, and further details about the tool can be found on its Wiki Page or on GitHub.

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux.

Ghidra is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux. The NSA also plans to release its source code under an open source license on GitHub in the future.

Intro to Ghidra
Here is a video demonstration of Ghidra, which also explains its installation and features.

Almost everyone was looking forward to this tool because it is similar to another reverse engineering tool, IDA Pro, which is available under a very expensive commercial license. As an alternative to IDA Pro, Ghidra's capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.

Within minutes of the tool's release, people across the security community started examining it. One user, with the Twitter handle @hackerfantastic, claims to have found a security issue in Ghidra.

Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 🤦‍♂️.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7

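According to him, Ghidra opens up JDWP (the Java Debug Wire Protocol) in debug mode, listening on port 18001, and that port can be used to gain code execution on the system. The fix he gives is to change line 150 of support/launch.sh from * to 127.0.0.1, so that the debug listener is bound to the loopback address only.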
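To check a launcher script for this kind of exposure, the added example below (not Ghidra's code, and not from the original article) classifies where a JVM's standard `-agentlib:jdwp` option binds its listener. The function names `jdwp_scope` and `audit_launcher` are hypothetical, and the sample launcher lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies how a JDWP agent option binds its debug listener.

# jdwp_scope TEXT -> none | client | unspecified | port-only | loopback |
#                    all-interfaces | host:<name>
jdwp_scope() {
    case $1 in *jdwp*) ;; *) echo none; return 0 ;; esac
    # Only server=y makes the JVM listen; otherwise it dials out to a debugger.
    case $1 in *server=y*) ;; *) echo client; return 0 ;; esac
    # Value of the address= sub-option, up to the next comma, space or quote.
    addr=$(printf '%s\n' "$1" | sed -n 's/.*address=\([^, "]*\).*/\1/p')
    case $addr in
        '')                  echo unspecified ;;
        '*:'*|0.0.0.0:*)     echo all-interfaces ;;
        127.*:*|localhost:*) echo loopback ;;
        *:*)                 echo "host:${addr%:*}" ;;
        *)                   echo port-only ;;  # bind scope depends on the JDK version
    esac
}

# audit_launcher FILE -> prints "<line-no> <scope>" for each JDWP line;
# returns 1 if any listener is bound beyond loopback.
audit_launcher() {
    rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        scope=$(jdwp_scope "$line")
        if [ "$scope" != none ]; then
            echo "$n $scope"
            case $scope in all-interfaces|host:*) rc=1 ;; esac
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample launcher lines (not the contents of Ghidra's launch.sh).
sample=$(mktemp)
cat > "$sample" <<'EOF'
VMARGS="-Xmx2G"
DEBUG="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:18001"
FIXED="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:18001"
EOF
audit_launcher "$sample" || echo "JDWP listener reachable from other hosts"
```

A bare `address=<port>` is reported as `port-only` because whether it binds all interfaces or only loopback depends on the JDK version in use.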

Here's another video from security researcher Marcus 'MalwareTech' taking the first look at Ghidra and its features.

Within just a few hours of its release, Ghidra is already available on Arch Linux as a package.
